Hello all, I am very disappointed today to find my phpnuke 7.6 site has been hacked. I have the latest Sentinel and I have even renamed the admin.php and have the latest phpBB forums????? Anyway, I find that somebody has changed all my modules to display their images etc. and also changed the front page. This has all been done through ftp access???
How could this have been possible???? I am totally lost ?? No admin was changed, seems to be all ftp access, there is no way they got hold of my user id and pass. How could it have been possible to hack my hosts????
Thanks for any help
mrix

For sure any info stored on the website could be accessed. Your website info (username and password) may or may not have been. It is less likely especially if it is unique from your mysql info and admin info, but not impossible. But for sure I'd clean out the database of any new author entries and change the MySQL username and password.

But the issue could very well be with Coppermine and it would be wisest to back up the module and delete all the files. You can leave the photos; if you've linked them throughout your site it would be pretty messy to delete those.

Thing is I didn't have any authors added to my actual phpnuke site, most if not everything was intact on the site. I just can't understand how this guy managed to gain access to my hosted files and change the module info and index.php details to place his hack images throughout all my modules, it must have taken him some time to do it also. Fortunately I have made up to date backups of everything. I have also deactivated coppermine and will give Menalto a try as Raven explained.
Thanks again
mrix

Thing is I didn't have any authors added to my actual phpnuke site, most if not everything was intact on the site.

Most likely your server files were not accessed (based on your description). You were probably just hacked with an 'sql injection' which alters entries in the database that holds content for news articles and blocks, as well as footer msgs.

If the attack on your site had gained them either an entry in the author's table or your actual server access user/pass, you'd know it... the damage you'd be describing would be tenfold.

Please remember that having the latest Chatserv patches and Sentinel will NOT protect you from other 3rd party software you've installed that has security flaws in it, especially injection vulns (which are by far the most common).

Please contact your Hosting support team and have them scan your webspace for any IRC bots or any other nasty things they might have left behind if they did in fact get server or FTP access. Other than that, change your FTP password through CPanel or your Hosting Support. Change your MySQL password, and your Nuke Admin password.

Oh, and ditch Coppermine. This software is -ridiculously- past the point where their dev team should have it patched against such simple injection hacks. There's no excuse for this in Feb of 2005. Sorry for your troubles, but trust me here, you got off cheap and it will be fairly easy to restore order. Learn from this, or be destined to re-live it.

Hello all, finally managed to contact my host to find out their whole host server had been hacked "ouch". Anyway, I have had enough of this and all the other problems I have had, i.e. lots of down time, and have moved host to Raven Web hosting. At least you guys know what you're talking about lol
Thanks
mrix

Welcome aboard so to speak! I don't think you'll find any regrets over the choice to relocate. Raven goes to a lot of trouble to inform people of known risks and will go so far as to ban a script so as not to compromise others sharing the environment. When there is a simple solution to a problem he's usually one of the first to verify if not create the fix for it.

In the case of Coppermine in particular it is just too large an application for any one of us to take on the task of making it safe. Though it is a nice looking gallery it was based on a simple application and with each added feature on top of the original weak code it's grown harder and harder to secure the thing. Then throw in PHP, ImageMagick and NetPBM changes and issues and it gets even harder to address.

I know there is an effort to find someone qualified to take on the Coppermine port but to date no one has come forward. I have looked at it and compared it to the current standalone version and frankly I was surprised to find that while active the CPG Nuke team had made more progress with improving the application than the Coppermine core team had. That's not a slam but it is a fact and points out what a large undertaking a fresh port would be to create from the current standalone Coppermine version. IMO it would be as great if not a greater task than the phpbb port or OsCommerce. So there is the challenge for a new team to take on responsibility for.
